ISJ Exclusive: Smart buildings are secure buildings

International Security Journal hears exclusively from Mickaël Wajnglas, Secretary General, SPAC.

Smart buildings are considered to be part of a smart city. Smart city initiatives often are related to large scale applications like power distribution, transport systems, street lighting and waste management.

The idea behind smart initiatives is to use data and technology to improve the everyday life of residents and professionals. In essence, smart cities and smart buildings are about supporting people who live and work in the city while optimising the utilisation of scarce resources, like infrastructure capacity, energy and public space.

IoT sensors, video cameras, identification devices for vehicle access control, security hardware and other equipment all act together as one nervous system, providing constant feedback to building and city administrators, which helps them to have a better understanding of the situation and make better decisions.

These sensors and connected devices collect and analyse data. These data are used to optimise city operations, manage resources and improve the everyday life.

The convergence of operational technologies and IT systems is essential to support these so-called “smart” devices. But, without strong security measures, use of these smart devices can also expose facilities to multiple threats, mostly cyber threats at first, but also physical attacks.

Increasing threats for smart buildings

If a hacker enters into a smart building through a physical access, they can easily access the building’s IT network, opening up numerous ways to plan and execute cyber-attacks. This is what is called a “hybrid attack”.

The recent attack on the US Capitol Building perfectly illustrates the potential consequences of these kinds of attack. The physical breach of the building, in essence, opened a “Pandora’s Box” of cybersecurity (compromising the security of computer networks and enabling unwanted visibility of classified information on devices).

Hybrid attacks generally exploit a physical security flaw to break into a building and reach the core of the information system. All building technologies, such as controllers, CCTV cameras or security equipment, connected or not, especially those installed inside the building, are potential entry points for hackers to gain access to the network.

The consequences of a cyber-attack can be disastrous. Affected systems can be completely incapacitated, disrupting internal processes and impacting productivity. The loss or theft of sensitive data can also lead to serious financial consequences and reputational damage, which organisations often find difficult to restore. In short: The best IT security is useless if physical access points are not secured properly.

Faced with these growing threats within the smart building ecosystem, manufacturers, solution providers and end users in the security sector have come together to form the SPAC (Smart Physical Access Control) alliance.

The SSCP® Protocol enables end-to-end security in smart buildings

To promote strong physical solutions, SPAC efforts are based on the French and European regulatory framework and on the promotion of the SSCP® protocol (Smart & Secure Communication Protocol).

The SSCP® Protocol is a European Standard allowing integrity and confidentiality of information by encryption of sensitive data. It is the only protocol for the security market which has been security certified by ANSSI, the French security agency. The certification process included extensive targeting of security measures and the execution of various cyber-attacks. Today, the SSCP® protocol supports the integration of the most certified security solutions on the market.

The SSCP® Protocol guarantees end-to-end security between access control systems and other security equipment. The protocol allows communication using wired or wireless connections, meaning that SSCP® is interface agnostic, which should be a mandatory requirement for any smart building project.

Modern buildings often provide shared spaces to companies that rent a portion of the building; this concept can only be supported if we deploy common standards and interoperable solutions throughout the building, like the SSCP® standard, to centrally manage mobile applications, printers, IP cameras and other connected devices which can be found in a smart building.

Smart building concepts and adequate security are inseparable: Smart building facilities have to be properly secured to ensure the safety of people, data and resources. 

A strong federation

SPAC brings together major European players in security, smart building technology and Industry 4.0. All SPAC efforts are centred around trusted technologies that comply with well managed standards.

It is the mission of SPAC to inform, support and train people about security technology and to develop and manage relevant industry standards. The SPAC Alliance supports:

• Security and information systems departments in making the choice of trusted solutions that comply with relevant and applicable laws and directives

• Manufacturers of security solutions and equipment in their positioning as trustworthy industry actors that are recognised for the excellence and high security of their solutions

SPAC will promote strong and sustainable technologies in general and specifically promote a superior communication standard, the SSCP® protocol. SPAC’s mission is to allow manufactures and end users to benefit from trusted, open, interoperable solutions with the highest levels of security.

To find out more information, visit: en.sp-ac.org/ or email [email protected]

This article was originally published in the October edition of International Security Journal. To read your FREE digital edition, click here.